CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-1054 – 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c
https://notcve.org/view.php?id=CVE-2018-1054
06 Mar 2018 — An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. Se ha encontrado un error de lectura de memoria fuera de límites en la forma en la que 389-ds-base gestionaba ciertos filtros de búsqueda LDAP, que afecta a todas las versiones 1.4.x. Un atacante remoto ... • http://www.securityfocus.com/bid/103228 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2017-15134 – 389-ds-base: Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c
https://notcve.org/view.php?id=CVE-2017-15134
25 Jan 2018 — A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. Se ha encontrado un error de desbordamiento de búfer basado en pila en la forma en la que 389-ds-base, en versiones 1.3.6.x anteriores a la 1.3.6.13, versiones 1.3.7.x anteriores... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15135 – 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c
https://notcve.org/view.php?id=CVE-2017-15135
24 Jan 2018 — It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances. Se ha descubierto que 389-ds-base, desde la versión 1.3.6.1 y hasta e incluyendo la versión 1.4.0.3, no manipulaba siempre las operaciones de comparación de hash internas de manera correcta... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1854 – 389-ds-base: access control bypass with modrdn
https://notcve.org/view.php?id=CVE-2015-1854
19 Sep 2017 — 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. 389 Directory Server en versiones anteriores a la 1.3.3.10 permite que los atacantes omitan las restricciones de acceso previstas y modifiquen las entradas del directorio mediante una llamada ldapmodrdn manipulada. A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7551 – 389-ds-base: Password brute-force possible for locked account due to different return codes
https://notcve.org/view.php?id=CVE-2017-7551
16 Aug 2017 — 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. 389-ds-base en su versión anterior a 1.3.5.19 y 1.3.6.7 es vulnerable a ataques de fuerza bruta de contraseñas durante un bloqueo de cuenta debido a los diferentes códigos de retorno que se devuelven durante los intentos de contraseña. A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. ... • https://access.redhat.com/errata/RHSA-2017:2569 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-2668 – 389-ds-base: Remote crash via crafted LDAP messages
https://notcve.org/view.php?id=CVE-2017-2668
11 Apr 2017 — 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. 389-ds-base en versiones anteriores a la 1.3.5.17 y 1.3.6.10 es vulnerable a una desreferencia de puntero inválido en la forma en la que se gestionan las peticiones LDAP. Un atacante remoto no autenticado podría emplear... • http://www.securityfocus.com/bid/97524 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 3%CPEs: 9EXPL: 0CVE-2016-0741 – 389-ds-base: worker threads do not detect abnormally closed connections causing DoS
https://notcve.org/view.php?id=CVE-2016-0741
16 Feb 2016 — slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection. slapd/connection.c en 389 Directory Server (anteriormente Fedora Directory Server) 1.3.4.x en versiones anteriores a 1.3.4.7 permite a atacantes remotos causar una denegación de servicio (bucle infinito y bloqueo de conexion) aprovechándose de una conexión cerrada de man... • http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-4-7.html • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3230
https://notcve.org/view.php?id=CVE-2015-3230
29 Oct 2015 — 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher. 389 Directory Server (anteriormente Fedora Directory Server) en versiones anteriores a 1.3.3.12 no hace cumplir la preferencia nsSSL3Ciphers cuando crean un sslSocket, lo que permite a atacantes remotos tener un impacto no especificado mediante la petición de utilizar ... • http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html • CWE-254: 7PK - Security Features •
CVSS: 6.5EPSS: 0%CPEs: 44EXPL: 0CVE-2014-8112 – 389-ds-base: password hashing bypassed when "nsslapd-unhashed-pw-switch" is set to off
https://notcve.org/view.php?id=CVE-2014-8112
05 Mar 2015 — 389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog. 389 Directory Server 1.3.1.x, 1.3.2.x anterior a 1.3.2.27, y 1.3.3.x anterior a 1.3.3.9 almacena contraseñas sin estar en hash incluso cuando la opción nsslapd-unhashed-pw-switch está configurado como apagado (off), lo que permite a usuarios... • http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2014-8105 – 389-ds-base: information disclosure through 'cn=changelog' subtree
https://notcve.org/view.php?id=CVE-2014-8105
05 Mar 2015 — 389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors. 389 Directory Server anterior a 1.3.2.27 y 1.3.3.x anterior a 1.3.3.9 no restringe correctamente acceso al subárbol LDAP 'cn=changelog', lo que permite a atacantes remotos obtener información sensible del registro de cambios (changelog) a través de vectores no especifica... • http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •